SigCont

Is there scanner no longer free?

Either way. I think it allows them to fight off viruses by sending out a new definition vs. having to test again and again before they release a new OS patch. Obviously they test their definitions, but I doubt near as much as an OS update. Not to mention, I a lot of more people who update their virus scanner more than Windows updates.

@kreitje Microsoft Security Essentials is their free Anti-Virus/Anti-Malware solution.

@Umang I think that your first (and thereby, third) point is slightly flawed, so let's start w/ the accepted definition for a "Computer Virus"

A program which can be transmitted between computers via networks (especially the Internet) or removable storage such as CDs, USB drives, floppy disks, etc., generally without the knowledge or consent of the recipient. (en.wiktionary.org/wiki/computer_virus)

It should be noted that in this definition there is no mention of OS vulnerabilities. While it is true that vulnerabilities in the OS can make infection extremely easy, there are many "attack vectors" (OS vulnerabilities and exploits included). One of the most commonly exploited attack vector is the user, and, I think, this is sometimes hard for us tech-savvies to understand.

Probably 85%-90% of computer users only know just enough about their PC to do basic email checking, word processing, and gaming. This limited knowledge includes "safe browsing practices" which in probably 85%-90% of cases would have prevented infection.

That much aside, I think that the most important (to MS) reason that MS is releasing an AV suite is because Microsoft is, by nature, very anti-competitive. If Microsoft begins to bundle their AV with Windows, there would be absolutely no reason for anyone to buy any other AV solution.

...See post two

It should be noted that in this definition there is no mention of OS vulnerabilities. While it is true that vulnerabilities in the OS can make infection extremely easy, there are many "attack vectors" (OS vulnerabilities and exploits included). One of the most commonly exploited attack vector is the user, and, I think, this is sometimes hard for us tech-savvies to understand.

I consider it a security vulnerability if a program can get installed and transmit itself over a network without my consent.

I consider it a security vulnerability if a program can get installed and transmit itself over a network without my consent.

Welcome to Windows :DD Actually there is a firewall and Run as Administrator stuff but in most cases it doesn't work as it's supposed to do because of the user. Most of people I know (and I believe most of Windows users do either) click 'Yes' and 'Allow' any time they see a box asking to confirm that some program is allowed to run as an administrator or access the internet. + There are bugs which can be easily exploited to access those permissions without a user, but bugs are a whole different story.

Forgive my lack of experience with (and hence understanding of) malicious software, but software that exploits the user tend to be categorized as malware, spyware and phishing scams

As far as I know, Malware is a name for all "evil" software like viruses, spyware, worms, trojans and etc...

If I understood you right, then you think viruses are the only ones to exploit bugs and all the others use a dumb user, right? If not - sorry, but if so - you're wrong.
Spyware exploits security wholes (in most cases).
Viruses' most known characteristic is that they spread in your computer by infecting more and more executables. But in order to do so, it requires to be launched (by the user). I think it counts as an exploit of user.
Worms A very spready (no such word, I believe, but maybe you get the point) too, but they spread them selves, without user's help. It exploits security wholes.

This information might be invalid (as I said, I'm no virus expert) but it's pretty simple to find more (and correct) information about them on Google.

Thanks, I think I've understood what both of you are saying. And it does seem to make a lot of sense.

"Protecting users from themselves" seems to be a very valid explanation of the need for an AV.

On a side note, I haven't heard of any virus exploiting Flash on Linux even though Flash is non-free and doesn't get patched in distros. Does this mean that between various OSs, security holes in Flash are not compatible (and hence a Win exploit cannot affect Linux and vice-versa)? Or is it because the permissions given to Flash on Linux are too restrictive for it to cause damage?

I don't mean to be overly skeptical here, but I don't think Flash on Windows is "more bounded with the OS" than on Linux and OS X. Could you explain what you meant and how that is true?

I still don't believe that. I think Flash's better performance on Win is just because the devs focus on the Windows version more than versions for other OSs resulting in it being more optimized on Windows. I don't know a lot about Flash, so this is just my gut feeling.

PS: Anyone else notice the text area skipping letters while typing on this site and the delay between typing and seeing the letters appear? My keyboard is fine because I can type into all other applications/websites without any problem.

Anyone else notice the text area skipping letters while typing on this site and the delay between typing and seeing the letters appear?

Nope, everything is fine to me. Did you try checking CPU usage while using this website? Maybe you got some spyware while discussing about malware? :D

Just to go back to the Flash exploits for a sec: From what I've heard all of the Flash exploits lead to remote code being able to execute on the computer. So the exploits allow the attacker to force Flash (and Acrobat/Reader) to open backdoors in the computer and allow the attacker to inject (I suppose) and code they want into the execution 'stream.' I think that's what generally makes it platform dependent. Each of the three major operating systems work rather differently from one another, and that's probably where the security of the individual OS really comes into play. (Plus, as we all know from this forum and YC, there are a lot more Windows devs than *nix or OSX)

I believe this bug is already fixed but it was a serious one and used for worms (copied from Google so I do not make any mistake):

According to several independent analyses, the exploit is based on a Flash demo for implementing the AES encryption algorithm written in ActionScript. The exploit replaces just a single line (getproperty instead of newfunction), but this substitution makes a mess of the ActionScript stack. This apparently allows additional x86 code to be written to the PC’s memory via Flash Player’s just-in-time compiler and executed. A detailed analysis of the exploit can be found in “A brief analysis of a malicious PDF file which exploits this week’s Flash 0-day

P.S. I copied it because I think this is the one ddreier was talking about

So, if we're going to be picky then Windows does (and has since Win2k I think) have a way to stop most "remote-code" attacks. Data Execution Prevention is a feature of the windows kernel that will instantly terminate and process (and it's children I think) that attempts to execute code from memory.

The problem with DEP is that a lot of poorly written applications tend to break the rules of DEP and will randomly get terminated because of it. So DEP is disabled by default.

So all-in-all there is a practically one-click way to prevent a lot of these attacks, it just so happens to break non-malicious applications as well. However it should be noted that there are other ways to execute malicious code, and DEP will only protect against certain types of attacks. I think there is a whole episode of Security Now! on DEP and how it works.